The highly successful security book returns with a new edition, completely updated Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side. Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.

Table of Contents:
Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Web Application Security 6 Summary 15 Chapter 2 Core Defense Mechanisms 17 Handling User Access 18 Handling User Input 21 Handling Attackers 30 Managing the Application 35 Summary 36 Questions 36 Chapter 3 Web Application Technologies 39 The HTTP Protocol 39 Web Functionality 51 Encoding Schemes 66 Next Steps 70 Questions 71 Chapter 4 Mapping the Application 73 Enumerating Content and Functionality 74 Analyzing the Application 97 Summary 114 Questions 114 Chapter 5 Bypassing Client-Side Controls 117 Transmitting Data Via the Client 118 Capturing User Data: HTML Forms 127 Capturing User Data: Browser Extensions 133 Handling Client-Side Data Securely 154 Summary 156 Questions 157 Chapter 6 Attacking Authentication 159 Authentication Technologies 160 Design Flaws in Authentication Mechanisms 161 Implementation Flaws in Authentication 185 Securing Authentication 191 Summary 201 Questions 202 Chapter 7 Attacking Session Management 205 The Need for State 206 Weaknesses in Token Generation 210 Weaknesses in Session Token Handling 233 Securing Session Management 248 Summary 254 Questions 255 Chapter 8 Attacking Access Controls 257 Common Vulnerabilities 258 Attacking Access Controls 266 Securing Access Controls 278 Summary 284 Questions 284 Chapter 9 Attacking Data Stores 287 Injecting into Interpreted Contexts 288 Injecting into SQL 291 Injecting into NoSQL 342 Injecting into XPath 344 Injecting into LDAP 349 Summary 354 Questions 354 Chapter 10 Attacking Back-End Components 357 Injecting OS Commands 358 Manipulating File Paths 368 Injecting into XML Interpreters 383 Injecting into Back-end HTTP Requests 390 Injecting into Mail Services 397 Summary 402 Questions 403 Chapter 11 Attacking Application Logic 405 The Nature of Logic Flaws 406 Real-World Logic Flaws 406 Avoiding Logic Flaws 428 Summary 429 Questions 430 Chapter 12 Attacking Users: Cross-Site Scripting 431 Varieties of XSS 433 XSS Attacks in Action 442 Finding and Exploiting XSS Vulnerabilities 451 Preventing XSS Attacks 492 Summary 498 Questions 498 Chapter 13 Attacking Users: Other Techniques 501 Inducing User Actions 501 Capturing Data Cross-Domain 515 The Same-Origin Policy Revisited 524 Other Client-Side Injection Attacks 531 Local Privacy Attacks 550 Attacking ActiveX Controls 555 Attacking the Browser 559 Summary 568 Questions 568 Chapter 14 Automating Customized Attacks 571 Uses for Customized Automation 572 Enumerating Valid Identifiers 573 Harvesting Useful Data 583 Fuzzing for Common Vulnerabilities 586 Putting It All Together: Burp Intruder 590 Barriers to Automation 602 Summary 613 Questions 613 Chapter 15 Exploiting Information Disclosure 615 Exploiting Error Messages 615 Gathering Published Information 625 Using Inference 626 Preventing Information Leakage 627 Summary 629 Questions 630 Chapter 16 Attacking Native Compiled Applications 633 Buffer Overflow Vulnerabilities 634          Integer Vulnerabilities 640 Format String Vulnerabilities 643 Summary 645 Questions 645 Chapter 17 Attacking Application Architecture 647 Tiered Architectures 647 Shared Hosting and Application Service Providers 656 Summary 667 Questions 667 Chapter 18 Attacking the Application Server 669 Vulnerable Server Configuration 670 Vulnerable Server Software 684 Web Application Firewalls 697 Summary 699 Questions 699 Chapter 19 Finding Vulnerabilities in Source Code 701 Approaches to Code Review 702 Signatures of Common Vulnerabilities 704 The Java Platform 711 ASP.NET 718 PHP 724 Perl 735 JavaScript 740 Database Code Components 741 Tools for Code Browsing 743 Summary 744 Questions 744 Chapter 20 A Web Application Hacker’s Toolkit 747 Web Browsers 748 Integrated Testing Suites 751 Standalone Vulnerability Scanners 773 Other Tools 785 Summary 789 Chapter 21 A Web Application Hacker’s Methodology 791 General Guidelines 793 1 Map the Application’s Content 795 2 Analyze the Application 798 3 Test Client-Side Controls 800 4 Test the Authentication Mechanism 805 5 Test the Session Management Mechanism 814 6 Test Access Controls 821 7 Test for Input-Based Vulnerabilities 824 8 Test for Function-Specific Input Vulnerabilities 836 9 Test for Logic Flaws 842 10 Test for Shared Hosting Vulnerabilities 845 11 Test for Application Server Vulnerabilities 846 12 Miscellaneous Checks 849 13 Follow Up Any Information Leakage 852 Index 853